2014-04-16 12:37:07 +04:00
// Copyright 2014 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
2014-04-10 22:20:58 +04:00
package repo
import (
2014-04-11 06:27:13 +04:00
"bytes"
2014-10-16 00:28:38 +04:00
"compress/gzip"
2014-04-10 22:20:58 +04:00
"fmt"
2014-06-28 10:55:33 +04:00
"io"
2014-04-10 22:20:58 +04:00
"io/ioutil"
"net/http"
"os"
"os/exec"
" path "
2014-04-14 19:22:00 +04:00
"path/filepath"
2014-04-10 22:20:58 +04:00
"regexp"
2014-11-17 22:53:41 +03:00
"runtime"
2014-04-10 22:20:58 +04:00
"strconv"
"strings"
"time"
"github.com/gogits/gogs/models"
2014-07-26 08:24:27 +04:00
"github.com/gogits/gogs/modules/base"
2014-06-20 09:14:54 +04:00
"github.com/gogits/gogs/modules/log"
2014-04-10 22:20:58 +04:00
"github.com/gogits/gogs/modules/middleware"
2014-05-26 04:11:25 +04:00
"github.com/gogits/gogs/modules/setting"
2014-04-10 22:20:58 +04:00
)
2014-07-26 08:24:27 +04:00
func authRequired ( ctx * middleware . Context ) {
ctx . Resp . Header ( ) . Set ( "WWW-Authenticate" , "Basic realm=\".\"" )
ctx . Data [ "ErrorMsg" ] = "no basic auth and digit auth"
2015-11-27 01:33:45 +03:00
ctx . Error ( 401 )
2014-07-26 08:24:27 +04:00
}
2015-10-24 10:36:47 +03:00
func HTTP ( ctx * middleware . Context ) {
2014-07-26 08:24:27 +04:00
username := ctx . Params ( ":username" )
2015-12-01 04:45:55 +03:00
reponame := strings . TrimSuffix ( ctx . Params ( ":reponame" ) , ".git" )
2014-04-10 22:20:58 +04:00
var isPull bool
service := ctx . Query ( "service" )
if service == "git-receive-pack" ||
strings . HasSuffix ( ctx . Req . URL . Path , "git-receive-pack" ) {
isPull = false
} else if service == "git-upload-pack" ||
strings . HasSuffix ( ctx . Req . URL . Path , "git-upload-pack" ) {
isPull = true
} else {
isPull = ( ctx . Req . Method == "GET" )
}
2015-12-01 04:45:55 +03:00
isWiki := false
if strings . HasSuffix ( reponame , ".wiki" ) {
isWiki = true
reponame = reponame [ : len ( reponame ) - 5 ]
}
2014-04-10 22:20:58 +04:00
repoUser , err := models . GetUserByName ( username )
if err != nil {
2015-08-05 06:14:17 +03:00
if models . IsErrUserNotExist ( err ) {
2014-08-02 21:47:33 +04:00
ctx . Handle ( 404 , "GetUserByName" , nil )
2014-05-31 01:57:38 +04:00
} else {
2014-08-02 21:47:33 +04:00
ctx . Handle ( 500 , "GetUserByName" , err )
2014-05-31 01:57:38 +04:00
}
2014-04-10 22:20:58 +04:00
return
}
repo , err := models . GetRepositoryByName ( repoUser . Id , reponame )
if err != nil {
2015-03-16 11:04:27 +03:00
if models . IsErrRepoNotExist ( err ) {
2014-08-02 21:47:33 +04:00
ctx . Handle ( 404 , "GetRepositoryByName" , nil )
2014-05-31 01:57:38 +04:00
} else {
2014-08-02 21:47:33 +04:00
ctx . Handle ( 500 , "GetRepositoryByName" , err )
2014-05-31 01:57:38 +04:00
}
2014-04-10 22:20:58 +04:00
return
}
2015-02-07 23:47:23 +03:00
// Only public pull don't need auth.
2014-04-16 12:45:02 +04:00
isPublicPull := ! repo . IsPrivate && isPull
2015-02-07 23:47:23 +03:00
var (
askAuth = ! isPublicPull || setting . Service . RequireSignInView
authUser * models . User
authUsername string
authPasswd string
)
2014-04-11 06:27:13 +04:00
2014-04-10 22:20:58 +04:00
// check access
if askAuth {
2015-11-24 06:32:07 +03:00
authHead := ctx . Req . Header . Get ( "Authorization" )
if len ( authHead ) == 0 {
2014-04-10 22:20:58 +04:00
authRequired ( ctx )
return
}
2015-11-24 06:32:07 +03:00
auths := strings . Fields ( authHead )
2014-04-10 22:20:58 +04:00
// currently check basic auth
// TODO: support digit auth
2015-02-07 23:47:23 +03:00
// FIXME: middlewares/context.go did basic auth check already,
// maybe could use that one.
2014-04-10 22:20:58 +04:00
if len ( auths ) != 2 || auths [ 0 ] != "Basic" {
2015-03-28 17:30:05 +03:00
ctx . HandleText ( 401 , "no basic auth and digit auth" )
2014-04-10 22:20:58 +04:00
return
}
2015-02-07 23:47:23 +03:00
authUsername , authPasswd , err = base . BasicAuthDecode ( auths [ 1 ] )
2014-04-10 22:20:58 +04:00
if err != nil {
2015-03-28 17:30:05 +03:00
ctx . HandleText ( 401 , "no basic auth and digit auth" )
2014-04-10 22:20:58 +04:00
return
}
2015-03-12 08:15:01 +03:00
authUser , err = models . UserSignIn ( authUsername , authPasswd )
2014-04-10 22:20:58 +04:00
if err != nil {
2015-08-05 06:14:17 +03:00
if ! models . IsErrUserNotExist ( err ) {
2015-02-27 15:42:03 +03:00
ctx . Handle ( 500 , "UserSignIn error: %v" , err )
2015-01-08 17:16:38 +03:00
return
}
2015-02-07 23:47:23 +03:00
// Assume username now is a token.
2015-08-19 01:22:33 +03:00
token , err := models . GetAccessTokenBySHA ( authUsername )
2015-02-07 23:47:23 +03:00
if err != nil {
2015-09-02 09:40:15 +03:00
if models . IsErrAccessTokenNotExist ( err ) {
2015-03-28 17:30:05 +03:00
ctx . HandleText ( 401 , "invalid token" )
2015-02-07 23:47:23 +03:00
} else {
ctx . Handle ( 500 , "GetAccessTokenBySha" , err )
2015-01-08 17:16:38 +03:00
}
2015-02-07 23:47:23 +03:00
return
2015-01-08 17:16:38 +03:00
}
2015-08-19 01:22:33 +03:00
token . Updated = time . Now ( )
2016-01-06 22:41:42 +03:00
if err = models . UpdateAccessToken ( token ) ; err != nil {
ctx . Handle ( 500 , "UpdateAccessToken" , err )
2015-08-19 01:22:33 +03:00
}
2015-08-17 12:05:37 +03:00
authUser , err = models . GetUserByID ( token . UID )
2015-02-07 23:47:23 +03:00
if err != nil {
2015-12-31 05:29:30 +03:00
ctx . Handle ( 500 , "GetUserByID" , err )
2015-01-08 17:16:38 +03:00
return
}
2014-04-10 22:20:58 +04:00
}
2014-04-16 12:45:02 +04:00
if ! isPublicPull {
2015-02-09 14:36:33 +03:00
var tp = models . ACCESS_MODE_WRITE
2014-04-16 12:45:02 +04:00
if isPull {
2015-02-09 14:36:33 +03:00
tp = models . ACCESS_MODE_READ
2014-04-16 12:45:02 +04:00
}
2014-04-10 22:20:58 +04:00
2015-02-05 16:29:08 +03:00
has , err := models . HasAccess ( authUser , repo , tp )
2014-04-16 12:45:02 +04:00
if err != nil {
2015-12-31 05:29:30 +03:00
ctx . Handle ( 500 , "HasAccess" , err )
2014-04-16 12:45:02 +04:00
return
} else if ! has {
2015-02-09 14:36:33 +03:00
if tp == models . ACCESS_MODE_READ {
has , err = models . HasAccess ( authUser , repo , models . ACCESS_MODE_WRITE )
2015-12-31 05:29:30 +03:00
if err != nil {
ctx . Handle ( 500 , "HasAccess2" , err )
return
} else if ! has {
ctx . HandleText ( 403 , "User permission denied" )
2014-04-16 12:45:02 +04:00
return
}
} else {
2015-12-31 05:29:30 +03:00
ctx . HandleText ( 403 , "User permission denied" )
2014-04-10 22:20:58 +04:00
return
}
}
2015-02-16 13:00:06 +03:00
if ! isPull && repo . IsMirror {
2015-12-31 05:29:30 +03:00
ctx . HandleText ( 403 , "mirror repository is read-only" )
2015-02-16 13:00:06 +03:00
return
}
2014-04-10 22:20:58 +04:00
}
}
2015-03-12 08:15:01 +03:00
callback := func ( rpc string , input [ ] byte ) {
2015-12-01 04:45:55 +03:00
if rpc != "receive-pack" || isWiki {
return
}
2014-06-28 10:55:33 +04:00
2015-12-01 04:45:55 +03:00
var lastLine int64 = 0
for {
head := input [ lastLine : lastLine + 2 ]
if head [ 0 ] == '0' && head [ 1 ] == '0' {
size , err := strconv . ParseInt ( string ( input [ lastLine + 2 : lastLine + 4 ] ) , 16 , 32 )
if err != nil {
log . Error ( 4 , "%v" , err )
return
}
2014-06-28 10:55:33 +04:00
2015-12-01 04:45:55 +03:00
if size == 0 {
//fmt.Println(string(input[lastLine:]))
break
}
2015-07-25 16:32:04 +03:00
2015-12-01 04:45:55 +03:00
line := input [ lastLine : lastLine + size ]
idx := bytes . IndexRune ( line , '\000' )
if idx > - 1 {
line = line [ : idx ]
}
fields := strings . Fields ( string ( line ) )
if len ( fields ) >= 3 {
oldCommitId := fields [ 0 ] [ 4 : ]
newCommitId := fields [ 1 ]
refName := fields [ 2 ]
// FIXME: handle error.
2016-02-18 06:47:06 +03:00
if err = models . PushUpdate ( models . PushUpdateOptions {
RefName : refName ,
OldCommitID : oldCommitId ,
NewCommitID : newCommitId ,
PusherID : authUser . Id ,
PusherName : authUser . Name ,
RepoUserName : username ,
RepoName : reponame ,
} ) ; err == nil {
2015-12-01 04:45:55 +03:00
go models . HookQueue . Add ( repo . ID )
go models . AddTestPullRequestTask ( repo . ID , strings . TrimPrefix ( refName , "refs/heads/" ) )
2014-06-28 10:55:33 +04:00
}
2015-12-01 04:45:55 +03:00
2014-04-11 06:27:13 +04:00
}
2015-12-01 04:45:55 +03:00
lastLine = lastLine + size
} else {
break
2014-04-11 06:27:13 +04:00
}
}
2014-06-28 10:55:33 +04:00
}
2016-02-02 17:09:47 +03:00
HTTPBackend ( ctx , & Config {
2015-03-12 08:15:01 +03:00
RepoRootPath : setting . RepoRootPath ,
GitBinPath : "git" ,
UploadPack : true ,
ReceivePack : true ,
OnSucceed : callback ,
} ) ( ctx . Resp , ctx . Req . Request )
2014-04-10 22:20:58 +04:00
2014-11-17 22:53:41 +03:00
runtime . GC ( )
2014-04-10 22:20:58 +04:00
}
type Config struct {
2015-03-12 08:15:01 +03:00
RepoRootPath string
GitBinPath string
UploadPack bool
ReceivePack bool
OnSucceed func ( rpc string , input [ ] byte )
2014-04-10 22:20:58 +04:00
}
type handler struct {
* Config
w http . ResponseWriter
r * http . Request
Dir string
File string
}
2015-03-12 08:15:01 +03:00
type route struct {
cr * regexp . Regexp
method string
handler func ( handler )
}
2014-04-10 22:20:58 +04:00
var routes = [ ] route {
{ regexp . MustCompile ( "(.*?)/git-upload-pack$" ) , "POST" , serviceUploadPack } ,
{ regexp . MustCompile ( "(.*?)/git-receive-pack$" ) , "POST" , serviceReceivePack } ,
{ regexp . MustCompile ( "(.*?)/info/refs$" ) , "GET" , getInfoRefs } ,
{ regexp . MustCompile ( "(.*?)/HEAD$" ) , "GET" , getTextFile } ,
{ regexp . MustCompile ( "(.*?)/objects/info/alternates$" ) , "GET" , getTextFile } ,
{ regexp . MustCompile ( "(.*?)/objects/info/http-alternates$" ) , "GET" , getTextFile } ,
{ regexp . MustCompile ( "(.*?)/objects/info/packs$" ) , "GET" , getInfoPacks } ,
{ regexp . MustCompile ( "(.*?)/objects/info/[^/]*$" ) , "GET" , getTextFile } ,
{ regexp . MustCompile ( "(.*?)/objects/[0-9a-f]{2}/[0-9a-f]{38}$" ) , "GET" , getLooseObject } ,
{ regexp . MustCompile ( "(.*?)/objects/pack/pack-[0-9a-f]{40}\\.pack$" ) , "GET" , getPackFile } ,
{ regexp . MustCompile ( "(.*?)/objects/pack/pack-[0-9a-f]{40}\\.idx$" ) , "GET" , getIdxFile } ,
}
2015-12-01 04:45:55 +03:00
func getGitDir ( config * Config , fPath string ) ( string , error ) {
root := config . RepoRootPath
if len ( root ) == 0 {
cwd , err := os . Getwd ( )
if err != nil {
log . GitLogger . Error ( 4 , err . Error ( ) )
return "" , err
}
root = cwd
}
if ! strings . HasSuffix ( fPath , ".git" ) {
fPath = fPath + ".git"
}
f := filepath . Join ( root , fPath )
if _ , err := os . Stat ( f ) ; os . IsNotExist ( err ) {
return "" , err
}
return f , nil
}
2014-04-10 22:20:58 +04:00
// Request handling function
2016-02-02 17:09:47 +03:00
func HTTPBackend ( ctx * middleware . Context , config * Config ) http . HandlerFunc {
2014-04-10 22:20:58 +04:00
return func ( w http . ResponseWriter , r * http . Request ) {
for _ , route := range routes {
2014-12-11 10:57:32 +03:00
r . URL . Path = strings . ToLower ( r . URL . Path ) // blue: In case some repo name has upper case name
2014-04-10 22:20:58 +04:00
if m := route . cr . FindStringSubmatch ( r . URL . Path ) ; m != nil {
if route . method != r . Method {
renderMethodNotAllowed ( w , r )
return
}
file := strings . Replace ( r . URL . Path , m [ 1 ] + "/" , "" , 1 )
dir , err := getGitDir ( config , m [ 1 ] )
if err != nil {
2014-07-26 08:24:27 +04:00
log . GitLogger . Error ( 4 , err . Error ( ) )
2016-02-02 17:09:47 +03:00
ctx . Handle ( 404 , "HTTPBackend" , err )
2014-04-10 22:20:58 +04:00
return
}
2015-12-01 04:45:55 +03:00
route . handler ( handler { config , w , r , dir , file } )
2014-04-10 22:20:58 +04:00
return
}
}
2014-06-28 07:06:07 +04:00
2016-02-02 17:09:47 +03:00
ctx . Handle ( 404 , "HTTPBackend" , nil )
2014-04-10 22:20:58 +04:00
return
}
}
// Actual command handling functions
func serviceUploadPack ( hr handler ) {
serviceRpc ( "upload-pack" , hr )
}
func serviceReceivePack ( hr handler ) {
serviceRpc ( "receive-pack" , hr )
}
func serviceRpc ( rpc string , hr handler ) {
w , r , dir := hr . w , hr . r , hr . Dir
2015-08-17 17:32:43 +03:00
defer r . Body . Close ( )
2014-04-10 22:20:58 +04:00
2015-03-12 08:15:01 +03:00
if ! hasAccess ( r , hr . Config , dir , rpc , true ) {
2014-04-10 22:20:58 +04:00
renderNoAccess ( w )
return
}
w . Header ( ) . Set ( "Content-Type" , fmt . Sprintf ( "application/x-git-%s-result" , rpc ) )
2014-10-16 00:28:38 +04:00
var (
reqBody = r . Body
input [ ] byte
br io . Reader
err error
)
// Handle GZIP.
if r . Header . Get ( "Content-Encoding" ) == "gzip" {
reqBody , err = gzip . NewReader ( reqBody )
if err != nil {
log . GitLogger . Error ( 2 , "fail to create gzip reader: %v" , err )
w . WriteHeader ( http . StatusInternalServerError )
return
}
}
2014-06-28 10:55:33 +04:00
if hr . Config . OnSucceed != nil {
2014-10-16 00:28:38 +04:00
input , err = ioutil . ReadAll ( reqBody )
if err != nil {
log . GitLogger . Error ( 2 , "fail to read request body: %v" , err )
w . WriteHeader ( http . StatusInternalServerError )
return
}
2014-06-28 10:55:33 +04:00
br = bytes . NewReader ( input )
} else {
2014-10-16 00:28:38 +04:00
br = reqBody
2014-06-28 10:55:33 +04:00
}
2014-06-28 07:06:07 +04:00
2014-04-10 22:20:58 +04:00
args := [ ] string { rpc , "--stateless-rpc" , dir }
cmd := exec . Command ( hr . Config . GitBinPath , args ... )
cmd . Dir = dir
2014-06-28 07:06:07 +04:00
cmd . Stdout = w
cmd . Stdin = br
2014-04-10 22:20:58 +04:00
2014-10-16 00:28:38 +04:00
if err := cmd . Run ( ) ; err != nil {
log . GitLogger . Error ( 2 , "fail to serve RPC(%s): %v" , rpc , err )
w . WriteHeader ( http . StatusInternalServerError )
2014-04-10 22:20:58 +04:00
return
}
if hr . Config . OnSucceed != nil {
hr . Config . OnSucceed ( rpc , input )
}
}
func getInfoRefs ( hr handler ) {
w , r , dir := hr . w , hr . r , hr . Dir
serviceName := getServiceType ( r )
access := hasAccess ( r , hr . Config , dir , serviceName , false )
if access {
args := [ ] string { serviceName , "--stateless-rpc" , "--advertise-refs" , "." }
refs := gitCommand ( hr . Config . GitBinPath , dir , args ... )
hdrNocache ( w )
w . Header ( ) . Set ( "Content-Type" , fmt . Sprintf ( "application/x-git-%s-advertisement" , serviceName ) )
w . WriteHeader ( http . StatusOK )
w . Write ( packetWrite ( "# service=git-" + serviceName + "\n" ) )
w . Write ( packetFlush ( ) )
w . Write ( refs )
} else {
updateServerInfo ( hr . Config . GitBinPath , dir )
hdrNocache ( w )
sendFile ( "text/plain; charset=utf-8" , hr )
}
}
func getInfoPacks ( hr handler ) {
hdrCacheForever ( hr . w )
sendFile ( "text/plain; charset=utf-8" , hr )
}
func getLooseObject ( hr handler ) {
hdrCacheForever ( hr . w )
sendFile ( "application/x-git-loose-object" , hr )
}
func getPackFile ( hr handler ) {
hdrCacheForever ( hr . w )
sendFile ( "application/x-git-packed-objects" , hr )
}
func getIdxFile ( hr handler ) {
hdrCacheForever ( hr . w )
sendFile ( "application/x-git-packed-objects-toc" , hr )
}
func getTextFile ( hr handler ) {
hdrNocache ( hr . w )
sendFile ( "text/plain" , hr )
}
// Logic helping functions
func sendFile ( contentType string , hr handler ) {
w , r := hr . w , hr . r
reqFile := path . Join ( hr . Dir , hr . File )
f , err := os . Stat ( reqFile )
if os . IsNotExist ( err ) {
renderNotFound ( w )
return
}
w . Header ( ) . Set ( "Content-Type" , contentType )
w . Header ( ) . Set ( "Content-Length" , fmt . Sprintf ( "%d" , f . Size ( ) ) )
w . Header ( ) . Set ( "Last-Modified" , f . ModTime ( ) . Format ( http . TimeFormat ) )
http . ServeFile ( w , r , reqFile )
}
func getServiceType ( r * http . Request ) string {
serviceType := r . FormValue ( "service" )
if s := strings . HasPrefix ( serviceType , "git-" ) ; ! s {
return ""
}
return strings . Replace ( serviceType , "git-" , "" , 1 )
}
func hasAccess ( r * http . Request , config * Config , dir string , rpc string , checkContentType bool ) bool {
if checkContentType {
if r . Header . Get ( "Content-Type" ) != fmt . Sprintf ( "application/x-git-%s-request" , rpc ) {
return false
}
}
if ! ( rpc == "upload-pack" || rpc == "receive-pack" ) {
return false
}
if rpc == "receive-pack" {
return config . ReceivePack
}
if rpc == "upload-pack" {
return config . UploadPack
}
return getConfigSetting ( config . GitBinPath , rpc , dir )
}
func getConfigSetting ( gitBinPath , serviceName string , dir string ) bool {
serviceName = strings . Replace ( serviceName , "-" , "" , - 1 )
setting := getGitConfig ( gitBinPath , "http." + serviceName , dir )
if serviceName == "uploadpack" {
return setting != "false"
}
return setting == "true"
}
func getGitConfig ( gitBinPath , configName string , dir string ) string {
args := [ ] string { "config" , configName }
out := string ( gitCommand ( gitBinPath , dir , args ... ) )
return out [ 0 : len ( out ) - 1 ]
}
func updateServerInfo ( gitBinPath , dir string ) [ ] byte {
args := [ ] string { "update-server-info" }
return gitCommand ( gitBinPath , dir , args ... )
}
2015-12-11 12:55:08 +03:00
// FIXME: use process module
2014-04-10 22:20:58 +04:00
func gitCommand ( gitBinPath , dir string , args ... string ) [ ] byte {
command := exec . Command ( gitBinPath , args ... )
command . Dir = dir
out , err := command . Output ( )
if err != nil {
2014-07-26 08:24:27 +04:00
log . GitLogger . Error ( 4 , err . Error ( ) )
2014-04-10 22:20:58 +04:00
}
return out
}
// HTTP error response handling functions
func renderMethodNotAllowed ( w http . ResponseWriter , r * http . Request ) {
if r . Proto == "HTTP/1.1" {
w . WriteHeader ( http . StatusMethodNotAllowed )
w . Write ( [ ] byte ( "Method Not Allowed" ) )
} else {
w . WriteHeader ( http . StatusBadRequest )
w . Write ( [ ] byte ( "Bad Request" ) )
}
}
func renderNotFound ( w http . ResponseWriter ) {
w . WriteHeader ( http . StatusNotFound )
w . Write ( [ ] byte ( "Not Found" ) )
}
func renderNoAccess ( w http . ResponseWriter ) {
w . WriteHeader ( http . StatusForbidden )
w . Write ( [ ] byte ( "Forbidden" ) )
}
// Packet-line handling function
func packetFlush ( ) [ ] byte {
return [ ] byte ( "0000" )
}
func packetWrite ( str string ) [ ] byte {
s := strconv . FormatInt ( int64 ( len ( str ) + 4 ) , 16 )
if len ( s ) % 4 != 0 {
s = strings . Repeat ( "0" , 4 - len ( s ) % 4 ) + s
}
return [ ] byte ( s + str )
}
// Header writing functions
func hdrNocache ( w http . ResponseWriter ) {
w . Header ( ) . Set ( "Expires" , "Fri, 01 Jan 1980 00:00:00 GMT" )
w . Header ( ) . Set ( "Pragma" , "no-cache" )
w . Header ( ) . Set ( "Cache-Control" , "no-cache, max-age=0, must-revalidate" )
}
func hdrCacheForever ( w http . ResponseWriter ) {
now := time . Now ( ) . Unix ( )
expires := now + 31536000
w . Header ( ) . Set ( "Date" , fmt . Sprintf ( "%d" , now ) )
w . Header ( ) . Set ( "Expires" , fmt . Sprintf ( "%d" , expires ) )
w . Header ( ) . Set ( "Cache-Control" , "public, max-age=31536000" )
}